
CVSS: 6.5 | EPSS: 0% | CPEs: 8 | EXPL: 0

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.

A vulnerability has been identified in Capital VSTAR (All versions), Nucleus NET (All versions before V5.2), Nucleus ReadyStart V3 (All versions before V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions).

• https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-436469.pdf

• CWE-342: Predictable Exact Value from Previous Values

CVSS: 10.0 | EPSS: 9% | CPEs: 1 | EXPL: 0

scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.

It was found that the amsvis command of the powerpc-utils-python package did not verify unpickled data before processing it. This could allow an attacker who can connect to an amsvis server process (or cause an amsvis client process to connect to them) to execute arbitrary code as the user running the amsvis process.

• http://rhn.redhat.com/errata/RHSA-2016-2607.html
• http://sourceforge.net/p/powerpc-utils/mailman/message/32884230
• http://www.openwall.com/lists/oss-security/2015/02/09/4
• http://www.securityfocus.com/bid/72537
• https://bugzilla.redhat.com/show_bug.cgi?id=1073139
• https://exchange.xforce.ibmcloud.com/vulnerabilities/100788
• https://access.redhat.com/security/cve/CVE-2014-8165

• CWE-345: Insufficient Verification of Data Authenticity
• CWE-502: Deserialization of Untrusted Data

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.

A flaw was found in the way the snap utility of powerpc-utils generated an archive containing a configuration snapshot of a service. A local attacker could obtain sensitive information from the generated archive such as plain text passwords.

• http://openwall.com/lists/oss-security/2014/06/17/1
• http://rhn.redhat.com/errata/RHSA-2015-0384.html
• https://access.redhat.com/security/cve/CVE-2014-4040
• https://bugzilla.redhat.com/show_bug.cgi?id=1110520

• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-310: Cryptographic Issues